PT-2025-6066 · Linux+9 · Linux Kernel+9

Johannes Weiner +1 · Published 2025-01-08 · Updated 2026-05-26 · CVE-2025-21693

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free bug was introduced in the Linux kernel when the switch to the crypto acomp API was made for hardware acceleration in zswap. The issue occurs because the per-CPU acomp_ctx is retrieved and used throughout the operation in zswap_compress() and zswap_decompress(), but neither preemption nor migration is disabled, allowing the operation to continue on a different CPU. If the original CPU is hotunplugged while the acomp_ctx is still in use, resources attached to it are freed, causing the bug. The problem was resolved by using acomp_ctx.mutex to synchronize CPU hotplug callbacks with compression/decompression paths.

Recommendations

To resolve the issue, ensure that the Linux kernel is updated to a version that includes the fix for the use-after-free bug in zswap. As a temporary workaround, consider disabling the zswap_compress() and zswap_decompress() functions until a patch is available. Restrict access to the vulnerable acomp_ctx to minimize the risk of exploitation. Avoid using the acomp_ctx.req variable in the affected compression/decompression paths until the issue is resolved. Apply the synchronization mechanism using acomp_ctx.mutex to prevent the use-after-free bug. Update the Linux kernel to the latest version that includes the fix for the zswap use-after-free vulnerability.
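
The synchronization named in the Description, as an added userspace model in C (not kernel code and not part of the original advisory): a C11 atomic_flag try-lock stands in for acomp_ctx.mutex, and every model_* name is hypothetical. It assumes teardown sets req to NULL while holding the lock, so a compression path can detect an offlined CPU after locking.

```c
/* Added userspace model; all names are hypothetical, not kernel code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>
#define NCPU 2
struct model_ctx {
    atomic_flag lock; /* stands in for acomp_ctx.mutex (try-lock only) */
    char *req;        /* stands in for acomp_ctx.req; NULL once freed */
};
static struct model_ctx ctxs[NCPU];

/* Bring every modelled CPU online with its own resources. */
void model_init(void)
{
    for (int i = 0; i < NCPU; i++) {
        atomic_flag_clear(&ctxs[i].lock);
        ctxs[i].req = malloc(16);
    }
}

/* Hotplug teardown: free only while holding the lock, and leave req NULL.
 * The kernel would sleep on the mutex; the model returns false instead. */
bool model_cpu_dead(int cpu)
{
    struct model_ctx *c = &ctxs[cpu];
    if (atomic_flag_test_and_set(&c->lock))
        return false; /* a compress/decompress still owns the context */
    free(c->req);
    c->req = NULL;
    atomic_flag_clear(&c->lock);
    return true;
}

/* Compression path: lock first, then re-check req. NULL means the CPU was
 * torn down (or is busy) and the caller must retry on its current CPU. */
struct model_ctx *model_ctx_get_locked(int cpu)
{
    struct model_ctx *c = &ctxs[cpu];
    if (atomic_flag_test_and_set(&c->lock))
        return NULL;
    if (!c->req) {
        atomic_flag_clear(&c->lock);
        return NULL;
    }
    return c;
}

/* Release the context once the operation that used req has finished. */
void model_ctx_put(struct model_ctx *c) { atomic_flag_clear(&c->lock); }
```

The ordering to notice is that teardown cannot free req while a user holds the lock, and a user that arrives after teardown sees req == NULL instead of a dangling pointer.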

Exploit

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
ALT-PU-2025-12647
AZL-58989
AZL-59094
BDU:2025-01801
CVE-2025-21693
ECHO-31D4-A5A1-0A1E
INFSA-2025_20518
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
OPENSUSE-SU-2025_1195-1
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01919-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1195-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
SUSE-SU-2025_1195-1
SUSE-SU-2025_1241-1
USN-7445-1
USN-7448-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu